From 5a918564e17b5549ee58dc626e7b6709d4ac9aab Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 24 Apr 2021 14:42:14 -0400 Subject: gnu: gst-plugins-base: Fix an invalid read when parsing ID3v2 tags. * gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gstreamer.scm (gst-plugins-base)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/gstreamer.scm | 1 + .../gst-plugins-base-fix-id3v2-invalid-read.patch | 40 ++++++++++++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch diff --git a/gnu/local.mk b/gnu/local.mk index 99f2f8b067..18ebbcd0ce 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1171,6 +1171,7 @@ dist_patch_DATA = \ %D%/packages/patches/gspell-dash-test.patch \ %D%/packages/patches/gst-libav-64channels-stack-corruption.patch \ %D%/packages/patches/gst-plugins-bad-fix-overflow.patch \ + %D%/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch \ %D%/packages/patches/gst-plugins-good-fix-test.patch \ %D%/packages/patches/gst-plugins-good-CVE-2021-3497.patch \ %D%/packages/patches/gst-plugins-good-CVE-2021-3498.patch \ diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm index 58a02119c6..7d9c5c993f 100644 --- a/gnu/packages/gstreamer.scm +++ b/gnu/packages/gstreamer.scm @@ -527,6 +527,7 @@ This package provides the core library and elements.") (method url-fetch) (uri (string-append "https://gstreamer.freedesktop.org/src/" name "/" name "-" version ".tar.xz")) + (patches (search-patches "gst-plugins-base-fix-id3v2-invalid-read.patch")) (sha256 (base32 "1b05kg46azrxxvq42c71071lfsnc34pw4vynnkczdqi6g0gzn16x")))) diff --git a/gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch b/gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch new file mode 100644 index 0000000000..b2dfef0118 --- /dev/null +++ b/gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch @@ -0,0 +1,40 @@ +Fix an "invalid read during ID3v2 tag parsing". + +https://security-tracker.debian.org/tracker/TEMP-0000000-57E7C1 +https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 + +Patch copied from upstream source repository: + +https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee + +From f4a1428a6997658625d529b9db60fde812fbf1ee Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= +Date: Wed, 3 Mar 2021 01:08:25 +0000 +Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads + +Check the right variable when checking if there's +enough data left to read the frame size. + +Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 + +Part-of: +--- + gst-libs/gst/tag/id3v2frames.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c +index 8e9f78254..f39659bf7 100644 +--- a/gst-libs/gst/tag/id3v2frames.c ++++ b/gst-libs/gst/tag/id3v2frames.c +@@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work) + + if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION | + ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) { +- if (work->hdr.frame_data_size <= 4) ++ if (frame_data_size <= 4) + return FALSE; + if (ID3V2_VER_MAJOR (work->hdr.version) == 3) { + work->parse_size = GST_READ_UINT32_BE (frame_data); +-- +2.31.1 + -- cgit v1.2.3